Period for Reply



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 02 July 2001.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-38 is/are pending in the application.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-38 is/are rejected.

7) [X] Claim(s) 3 is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

application from the International Bureau (PCT Rule 17.2(a)).

DETAILED ACTION

1. Claims 1-39 are presented for examination. 

Claim Objections 

2. The numbering of claims is not in accordance with 37 CFR 1.126 which requires 
the original numbering of the claims to be preserved throughout the prosecution. When 
claims are canceled, the remaining claims must not be renumbered. When new claims 
are presented, they must be numbered consecutively beginning with the number next 
following the highest numbered claims previously presented (whether entered or not). 

The first misnumbered claim, number 3, has been renumbered as claim 39, which
is dependent on claim 1.

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

4. Claims 1-3, 10, 12-14, 16-21, 28, 30-32, 34-36, and 39 are rejected under 35
U.S.C. 103(a) as being unpatentable over Chen et al. (Chen, US Patent Number:
5,960,170) in further view of Nash (Patent No.: US 6,449,645 B1).

As per claims 1, 18, and 36, Chen teaches a method or a computer program product or
system for detecting modifications to risk assessment scanning caused by an intermediate 
device, comprising 

(a) initiating a risk assessment scan on a target from a remote source utilizing a 
network (Chen Col. 13 lines 1-23, and Fig. 7); 

(b) the risk assessment scan involves an intermediate device coupled between the 
target and the remote source (Chen Fig. 1, and Fig. 7); 

(c) receiving results of the risk assessment scan from the target utilizing the 
network (Chen Col. 3 lines 8-27); and 

(d) notifying an administrator (Chen Col. 24 lines 1-20; notifying an administrator by 
email if virus was transmitted into the network); 

Chen does not explicitly teach determining whether the risk assessment scan 
involves an intermediate device coupled between the target and the remote source; and 

notifying an administrator if it is determined that the risk assessment scan 
involves the intermediate device; 

However Nash teaches determining one of the pluralities of computers is
presently involved (in communication) with a network of computers (Nash Col. 4 lines
1-24);

Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to employ the teachings of Nash within the system of Chen
because it would allow to send the first indicia and the respective second indicia over the 
network of computers to a second location (Nash Col 4 lines 1-24) to detect and locate 
improper or illicit use of digitized information such as illegal pirating, copying, 
alteration, and the like (Nash Abstract). Therefore it would have been obvious to one 
having ordinary skill in the art at the time the invention was made to employ the 
teachings of Nash within the system of Chen because it would allow to determine
whether the risk assessment scan involves an intermediate device coupled between the 
target and the remote source and notify an administrator if it is determined that the risk 
assessment scan involves the intermediate device. 

As per claim 2 and 19, Chen and Nash teach all the subject matter as described above. In 
addition Chen teaches the method or a computer program product, wherein the 
intermediate device includes a router (Chen Fig. 7 No. 710). 

As per claim 39 and 20, Chen and Nash teach all the subject matter as described above. 
In addition Chen teaches the method or a computer program product, wherein the 
intermediate device includes a proxy server (Chen Col. 16 lines 48-65). 

As per claim 3 and 21, Chen and Nash teach all the subject matter as described above. In
addition Nash teaches the method or a computer program product, wherein a plurality of
procedures are utilized to determine whether the risk assessment scan involves the
intermediate device (Nash Col. 4 lines 1-24). The rationale for combining is the same as
for claim 1 above.

As per claim 10 and 28, Chen and Nash teach all the subject matter as described above. 
In addition Chen teaches the method or a computer program product, wherein at least one 
of the procedures includes transmitting a first request for content to the target utilizing the 
network, and transmitting a second request for a cached version of the content to the 
target utilizing the network (Chen Col. 3 lines 8-27; It would have been obvious to one
of ordinary skill in the art at the time the invention was made to transmit content and
cached requests because Chen discloses transmitting requests for virus detection).

As per claim 12 and 30, Chen and Nash teach all the subject matter as described above. 
In addition Chen teaches the method or a computer program product, wherein the at least 
one of the procedures further includes analyzing responses to the first and second 
requests (Chen Abstract). 

As per claim 13 and 31, Chen and Nash teach all the subject matter as described above. 
In addition Nash teaches the method or a computer program product, wherein the at least 
one of the procedures further includes indicating that the risk assessment scan involves 
the intermediate device based on the analysis (Nash Col. 4 lines 1-24). The rationale for
combining is the same as for claim 1 above.

As per claim 14 and 32, Chen and Nash teach all the subject matter as described above. 
In addition Nash teaches the method or a computer program product, wherein the at least 
one of the procedures further includes indicating that the risk assessment scan involves 
the intermediate device if the responses to the requests are different (Nash Col. 4 lines
1-24). The rationale for combining is the same as for claim 1 above.

As per claim 16 and 34, Chen and Nash teach all the subject matter as described above. 
In addition Chen teaches the method or a computer program product, wherein the at least 
one of the procedures further includes identifying an error message in response to the 
request (Chen Col. 20; identifying an error message when a virus was detected). 

As per claim 17 and 35, Chen and Nash teach all the subject matter as described above. 
In addition Nash teaches the method or a computer program product, wherein the at least 
one of the procedures includes indicating that the risk assessment scan involves the 
intermediate device (Nash Col. 4 lines 1-24; the rationale for combining is the same as
for claim 1 above) if the response includes the error message (Chen Col. 20).

5. Claims 4-9, 11, 15, 22-27, 29, 33, and 37-38 are rejected under 35 U.S.C. 103(a)
as being unpatentable over Chen et al. (Chen, US Patent Number: 5,960,170) in further
view of Nash (Patent No.: US 6,449,645 B1), and in further view of Brown (Patent No.:
US 6,661,791 B1).

As per claims 37 and 38, Chen teaches a method or a computer program product for
detecting modifications to risk assessment scanning caused by a proxy server, 
comprising: 

(a) initiating a risk assessment scan on a target from a remote source utilizing a 
network (Chen Col. 13 lines 1-23, and Fig. 7); 

(b) executing a plurality of procedures (Chen Col. 26 lines 1-13) to the risk 
assessment scan involves a proxy server coupled between the target and the 
remote source (Chen Fig. 1, and Fig. 7); 

(c) said procedures utilizing a plurality of parameters selected from the group 
consisting of a host header value (Chen Col. 18 lines 17-27); 

(d) receiving results of the risk assessment scan from the target utilizing the 
network (Chen Col. 3 lines 8-27); 

(e) flagging the results of the risk assessment scan (Chen Col. 24 lines 1-20; flags by
sending an email to network administrator), the risk assessment scan involves a
proxy server coupled between the target and the remote source (Chen Fig. 1, and
Fig. 7); and

(f) notifying an administrator if the results of the risk assessment scan is
flagged (Chen Col. 24 lines 1-20; notifying an administrator by email if virus was
transmitted into the network).

Chen does not explicitly teach (b) determining whether the risk assessment
scan involves a proxy server coupled between the target and the remote source;
(e) flagging the results of the risk assessment scan if at least one of the
procedures indicates that the risk assessment scan involves a proxy server coupled
between the target and the remote source;

However Nash teaches determining one of the pluralities of computers is
presently involved (in communication) with a network of computers (Nash Col. 4
lines 1-24);

Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to employ the teachings of Nash within the system of Chen
because it would allow to send the first indicia and the respective second indicia over the 
network of computers to a second location (Nash Col. 4 lines 1-24) to detect and locate 
improper or illicit use of digitized information such as illegal pirating, copying, 
alteration, and the like (Nash Abstract). Therefore it would have been obvious to one 
having ordinary skill in the art at the time the invention was made to employ the 
teachings of Nash within the system of Chen because it would allow to determine
whether the risk assessment scan involves a proxy server coupled between the target and 
the remote source and flagging the results of the risk assessment scan if at least one of the 
procedures indicates that the risk assessment scan involves a proxy server coupled 
between the target and the remote source. 

Chen and Nash do not explicitly teach (c) said procedures utilizing a plurality
of parameters selected from the group consisting of an ip-ttl flag, a tcp-win flag, a via tag;

However Brown teaches said procedures utilizing a plurality of parameters 
selected from the group consisting of an ip-ttl flag (Brown Fig. 5C No. 536), a tcp-win 
flag (Brown Fig. 5D No. 564), a via tag (Brown Col. 5 lines 7-18); 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to employ the teachings of Brown within the combination
system of Chen and Nash because it would allow to flag or indicate how long the packet
should be allowed to survive before being discarded.

As per claim 4 and 22, Chen, Nash, and Brown teach all the subject matter as described 
above. In addition Brown teaches the method or a computer program product, 
wherein at least one of the procedures includes determining a port list associated 
with the risk assessment scan (Brown Col. 1 lines 7-25, Col. 3 lines 53-59).

Therefore it would have been obvious to one having ordinary skill in the art at the
time the invention was made to employ the teachings of Brown within the combination
system of Chen and Nash because it would allow to determine the port to which the data
packet is going to be forwarded on a destination address.

As per claim 5 and 23, Chen, Nash, and Brown teach all the subject matter as described 
above. In addition Brown teaches the method or a computer program product, 
wherein the at least one of the procedures further includes determining whether a
value of a flag is different for communication attempts using at least two ports on
the port list (Brown Col. 6 lines 18-45). The rationale for combining is the same as for claim
37 above.

As per claim 6 and 24, Chen, Nash, and Brown teach all the subject matter as described 
above. In addition Brown teaches the method or a computer program product, 
wherein the flag includes an ip-ttl flag (Brown Col. 6 lines 18-45). The rationale for
combining is the same as for claim 37 above.

As per claim 7 and 25, Chen, Nash, and Brown teach all the subject matter as described 
above. In addition Brown teaches the method or a computer program product, 
wherein the flag includes a tcp-win flag (Brown Col. 6 lines 18-45). The rationale for
combining is the same as for claim 37 above.

As per claim 8 and 26, Chen, Nash, and Brown teach all the subject matter as described 
above. In addition Chen teaches the method or a computer program product, 
wherein the communications include connection attempts between the remote 
source and the target utilizing the network (Chen Fig. 7). 

As per claim 9 and 27, Chen, Nash, and Brown teach all the subject matter as described 
above. In addition Nash teaches the method or a computer program product, 
wherein the at least one of the procedures further includes indicating that the risk
assessment scan involves the intermediate device (Nash Col. 4 lines 1-24; the rationale
for combining is the same as for claim 1 above) if the value of the flag is different for the
communication attempts using the at least two ports on the port list (Brown Col. 6 lines
18-45). The rationale for combining is the same as for claim 37 above.

Application/Control Number: 09/895,498

Art Unit: 2136

As per claim 11 and 29, Chen, Nash, and Brown teach all the subject matter as described
above. In addition Brown teaches the method or a computer program product, wherein
the cached content is requested from the target utilizing a via tag (Brown Col. 5 lines
7-19). It would have been obvious to one having ordinary skill in the art at the time of the
invention to employ the teachings of Brown within the combination system of Chen and
Nash because it would provide information on how the received data packet is classified
(Brown Col. 5 lines 7-19).

As per claim 15 and 33, Chen, Nash, and Brown teach all the subject matter as described 
above. In addition Brown teaches the method or a computer program product, wherein at 
least one of the procedures includes transmitting a request without specifying a host 
header value (Brown Col. 4 lines 62-67; optional host traffic label). The rationale for
combining is the same as for claim 11 above.

6. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Eleni A Shiferaw whose telephone number is
571-272-3867. The examiner can normally be reached on Mon-Fri 8:00am-5:00pm.




If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 



Eleni Shiferaw 
Art Unit 2136 